Isaca Updated Cybersecurity-Audit-Certificate Exam Questions and Answers by haaniya

When employees use personal mobile devices to access a VPN, the greatest concern for an IS auditor is the potential for sensitive data to be stored in an unsecured manner. If data is stored in plain text, it could be easily accessed by unauthorized parties if the device is lost, stolen, or compromised. This risk is heightened when the devices are not managed by the organization’s IT department, which would typically enforce security policies such as encryption.

References: ISACA’s resources on securing mobile devices and VPN technology assurance emphasize the importance of implementing strong security controls to protect sensitive data on mobile devices. This includes ensuring that data is not stored in plain text and is instead encrypted to prevent unauthorized access1234. The use of mobile device management (MDM) software is also advocated to remotely manage and secure mobile devices used for corporate access1.

HTTPS, or Secure Hypertext Transfer Protocol, is an extension of HTTP that is protected by encryption via Transport Layer Security (TLS). This protocol ensures secure communication over a computer network by encrypting the data exchanged between a web server and a web browser, thereby protecting the integrity and confidentiality of the transmitted data.

References = While I cannot provide direct references from the Cybersecurity Audit Manual, the definition and workings of HTTPS are well-established in cybersecurity resources. HTTPS uses TLS (formerly SSL) to secure the data transfer, which is a fundamental concept covered in various cybersecurity literature, including ISACA’s materials123. For detailed information, please refer to the official ISACA resources and study guides.

 One way to control the integrity of digital assets is through the use of hashing. This is because hashing is a technique that applies a mathematical function to a digital asset, such as a file or amessage, and produces a unique and fixed-length value, known as a hash or a digest. Hashing helps to verify the integrity of digital assets, by comparing the hash values before and after transmission or storage, and detecting any changes or modifications to the original asset. The other options are not ways to control the integrity of digital assets, but rather different concepts or techniques that are related to information security, such as policies (A), frameworks (B), or caching C.

A full backup involves copying all data to the backup storage location. It is the most comprehensive type of backup, which makes it the most time-consuming. This is because every file and folder is included in the backup, regardless of when it was last modified.

Incremental and differential backups are faster because they only copy data that has changed since the last backup. Incremental backups include data that has changed since the last incremental backup, while differential backups include data that has changed since the last full backup.

Offsite backups refer to the location where the backup is stored rather than the method of backup, so the time required can vary widely depending on the specific circumstances.

References: The information provided here is based on standard backup practices and principles, which are likely to be consistent with those found in ISACA’s Cybersecurity Audit resources. For specific references, please consult the ISACA Cybersecurity Audit Manual or related study guides12.